Vulnerabilities > CVE-2003-0979 - Remote Security vulnerability in Freescripts Visitorbook LE

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

freescripts

NVD

Published: 2004-01-05

Updated: 2016-10-18

Summary

FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.

Vulnerable Configurations

Part	Description	Count
Application	Freescripts Freescripts Visitorbook Le	1

References

http://marc.info/?l=bugtraq&m=107107840622493&w=2
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt